MWC24: Applying Zero Trust Architecture with Rakuten

Nagendra Bykampadi, Rakuten Symphony Global Head of Product Security, on how the company is focused on cloud security solutions to protect future networks

With the digital era revolutionising the telecom industry, businesses are facing calls to innovate further with AI and cloud-native technologies.

There are numerous benefits to the cloud-native approach, including increased network speeds, efficiency and agility in offering new services. As operators deploy new networks with expanded attack surfaces, perimeter-based defences are no longer viable. A new, more dynamic approach to security is now required. 

Significantly, many businesses are turning to  “zero trust” security principles to protect cloud networks. Zero trust implies that any internal or external user or service requesting access to a resource is a potential threat and so should be challenged to verify identity every time a request is made. 

Applying zero trust architecture

Rakuten Symphony, a Rakuten Group company, provides global B2B services to the telco industry. It was early to market delivering full-stack, Open RAN offerings to enable cloud-based international mobile services.

The company is playing a key role in defining O-RAN security specifications. It is leading  security specifications work for Open Front Haul interfaces and O-Cloud, an O-RAN Alliance defined cloud platform. 

Nagendra Bykampadi, Global Head of Product Security at Rakuten Symphony and co-chair of the O-RAN Alliance Security Work Group (WG11) , said at MWC Barcelona 2024: “We have taken some of our experiences and learnings from our deployment in RMI and worked closely with MITRE to begin a new work item in WG11 on zero trust architecture for O-RAN based networks.

“We feel zero trust is required to protect our networks for the future.”

The company has taken its expertise in standards to implement standards-compliant security controls for its Open RAN products and Rakuten’s cloud platform. 

“A lot of our software needs to be compliant with O-RAN Alliance standards,” Bykampadi says. “We have shifted to include what we call ‘product security guidelines/requirements’. The whole idea is that every Rakuten Symphony product adheres to a certain set of security principles.”

Bykampadi continues: “We also focus on DevSecOps plus additional practices like threat modelling, compliance to product baseline security requirements and so on. This is an evolving topic, but I'm happy to say that we are pretty much industry best when it comes to the adoption of security practices during software development.”

When it comes to building an Open RAN-based network, “You need to have a well-thought-out security design as you plan your network and build a network. One of the things that we are seeing is that we have already built the network, and now let's say we want to evolve to something like zero trust. There is always going to be a legacy problem that we have to face.” 

He adds: “My suggestion would be that when you design and build a network, consider security from day one. Device management and user management are very critical. These need to be incorporated into your planning phase rather than retrofitted later on.”

Automation as a driving force in cybersecurity

Moving forward, Bykampadi highlights that automation will be critical, as AI and machine learning (AI/ML) can be harnessed to improve business security posture and mitigate attacks.

“Security visibility is the key for you to solve security problems,” he says. “If you know exactly who is there in your network, what kind of devices are there in your network, it's always easy to manage it.

“On the contrary, lack of visibility is always a concern. My personal goal would be to somehow use AI/ML as enablers to improve our network visibility. But visibility of the issue is important, which is where I see a lot of emphasis going as we prepare for future networks.”

Bykampadi continues: “Rakuten Symphony is in a very unique position, as we don’t just have industry leading products - we also have the benefit of contributing to standards and specifications, which actually drive the product itself. We are thinking for the future with an emphasis on AI/ML, automation and self-autonomous networks.”


Make sure you check out the latest edition of Data Centre Magazine and also sign up to our global conference series - Tech & AI LIVE 2024


Data Centre Magazine is a BizClik brand


Featured Articles

How Kove Unlocks Transformative Growth for Your Organisation

Kove helps clients maximise infrastructure performance using software-defined memory. Learn how

US Data Centres Confront the Strain of Rising Power Demands

Data centres across the United States (US) are preparing for a continued surge in power demand, as customers seeking technology like AI strain power grids

Data storage, memory and generation with IEEE’s Tom Coughlin

We speak with Tom Coughlin, President and CEO of IEEE, about power-hungry AI and memory technologies within the telco market

Digital Realty Continues Renewable Rollout to the US

Data Centres

Google Axion Processors: A New Era of Data Centre Efficiency

Technology & AI

MWC24: Harnessing AI to Modernise Telcos with Tech Mahindra

Technology & AI